Phishing is a method of fraudulently obtaining personal information such as passwords, Social Security numbers, and credit card details by sending spoofed emails that look like they come from trusted sources (such as banks or legitimate companies). Basically it’s an online form of identity theft.
Typically, phishing emails ask recipients to click on the link in the email to verify or update contact details or credit card information. Like spam, phishing emails are sent to a large number of email addresses with the expectation that someone will be misled and disclose their personal information.
Since phishing relies on you to provide the personal information, there is no guaranteed way to prevent it. However, the following best practices can help you make better decisions and protect yourself:
Inspect the website and email addresses
Phishing attempts often claim to be from a legitimate business, such as a bank or online store. A good first step is to look at the sender’s email address. If it does not end in what appears to be the business’ web domain, that is suspicious. However, emails can be faked (spoofed), so do not rely on this alone.
As a next step, hover your mouse over the link offered in the email, or right-click the link and select Properties. The full web address (URL) is displayed. If it does not lead to that business’ website, you can be nearly certain this is a phishing attempt. Do not be fooled by a random reference to the business in the URL.
For example, www.realbank.com.cn.log501.biz does not lead to the ‘realbank’ website. The site a link belongs to is determined by the end of the host name, which here is log501.biz.
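The hover check described above can be automated. The following is an added example, not part of the original article: it pulls every link out of an HTML message body and flags those whose real destination is not the business's domain. The suffix list, function names and sample message are constructed for illustration; a real check should use the full Public Suffix List.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed, abbreviated suffix list for this example; a real check should
# use the full Public Suffix List (publicsuffix.org).
SUFFIXES = {"com", "biz", "org", "net", "cn", "com.cn", "co.uk", "uk"}

def registrable_domain(url):
    """Return the suffix plus one label to its left, e.g. 'log501.biz'."""
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".")
    # Scanning left to right finds the longest known suffix first.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            if i == 0:
                return None  # host is itself a bare suffix
            return ".".join(labels[i - 1:])
    return None  # IP address or unknown suffix: treat as unverifiable

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def suspicious_links(html_body, business_domain):
    """Return links whose real destination is not the business's domain."""
    parser = LinkCollector()
    parser.feed(html_body)
    return [(href, text) for href, text in parser.links
            if registrable_domain(href) != business_domain]

# Constructed sample message body.
SAMPLE = ('<p>Please verify your details at '
          '<a href="http://www.realbank.com.cn.log501.biz/update">'
          'www.realbank.com</a> or visit '
          '<a href="https://www.realbank.com/help">our help page</a>.</p>')

if __name__ == "__main__":
    for href, text in suspicious_links(SAMPLE, "realbank.com"):
        print(f"link shown as {text!r} really goes to {registrable_domain(href)}")
```

Links with no recognisable host (relative paths, bare IP addresses) are also flagged, since their destination cannot be tied to the business's domain.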
Avoid email links whenever possible
If the business needs you to update your personal and credit information, you should be able to navigate to the website manually and take care of the issue. Any time you are entering sensitive data, such as credit card or bank account numbers, on a site, always check whether the URL is secured by encryption before you begin. The web address should begin with https:// as opposed to http://.
Another method of checking the validity of a request to update account information is to contact the business’ Customer Service department by phone. This is the easiest and possibly most effective way to avoid being fooled by a phishing attempt.
Use Anti-Spam solutions
Many web-based email providers, such as Yahoo! and Gmail, have anti-spam technology built in. However, if you do not have Anti-Spam, or find the solution offered by your email provider ineffective, you can purchase Anti-Spam software to bolster your protection. This can better protect you against phishing schemes and reduce the time spent deleting unwanted emails from your inbox.
What to do if you think you have been phished
If you believe you have already fallen prey to a phishing scam, or may have submitted your account details to an illegitimate site, here are some good steps to take:
If you simply updated an account profile on an e-commerce site, your first step should be to change your password on the real site. Log in to the legitimate site, navigate to your Account Settings, and change your password. Then check immediately to see if any unauthorized purchases were made against your account, or if any changes were made to your personal information, such as mailing address. Adjust as needed.
If you were unfortunate enough to provide credit card details to a phishing site, contact your bank or credit card issuing company and report the information as stolen. This will require the cancellation of the existing card, and replacement with a card with a new set of numbers.